debian · CVE-2021-28657

Quick triage

Priority: not yet assigned Published: Updated: Mon, 13 Jul 2026 06:39:44 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2021-28657 not yet assigned priority: Debian including 1 source packages (tika), 2 status rows across 2 suites (bullseye, sid): open 2.

Description:

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

cvelogic Threat Intelligence